Challenges to Cyber Security

  • The distinction between military and civilian targets is increasingly getting erased and the consequences of this could be indeterminate.
  • Cybercriminals are now engaged in stealing sensitive data in targeted computers before launching a ransomware attack. This is resulting in a kind of ‘double jeopardy’ for the targeted victim.
  • As data becomes the world’s most precious commodity, attacks on data and data systems are bound to intensify.
  • Digital gaps amongst nations create an unsustainable environment in the cyber domain.
  • Internet of things are often not built with security. New technologies aid hackers too.
  • We don’t have a cyber-security mindset. Most of the cyber-attacks are not reported.
  • Scarcity of cyber security professionals, especially at the leadership level.
  • India is not even a signatory to some of the basic international frameworks on Cybersecurity like the Convention of Cybercrime of the Council of Europe (Budapest convention) which not only European nations but Japan, US, South Africa have become signatories to, except India.
  • Cyber threats will continue to increase as the country starts developing smart cities and rolling out 5G network, among other initiatives.
  • Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences.
  • There are only a few Indian companies who are making some of the cyber security products and there is a big vacuum in the sector.

 

Strategy should include the following:

  • Since a global consensus is unlikely any day soon, India should consider joining or leveraging existing frameworks like the Budapest Convention on Cybercrime. After all, cybersecurity has become a geopolitical issue, as reiterated time and again by the Prime Minister.
  • Security by design, budgeting by default: It is high time that 10% of every IT budget in the government be earmarked for cybersecurity, as recommended by the NASSCOM Cyber Security Task Force.
  • Prevention is better than cure: Nine out of 10 data breaches can be mitigated if we all take care of basic cybersecurity like using licensed and updated software, using different and difficult passwords for different services and devices, multi-factor authentication and strong encryption.
  • The cybersecurity guidelines or frameworks issued by RBI, SEBI, IRDAI and PFRDAI can be greatly synergized under the aegis of the Financial Stability and Development Council (FSDC), thereby bringing greater sanity for the regulators as well as the regulated entities.